THE RECENT hacking of government websites is said to be an indication of what could happen during the country’s first automated national elections on May 10.
At this point, only one national government website remains “hack-free,” according to an official.
The Commission on Information and Communications Technology (CICT) attributed the problem to low maintenance of government websites brought about by lack of knowledge and investment on information and communications technology (ICT) in the country.
“The government should invest more in cyber security,” said Malou Santelices, project manager of the Cyber Security Office under CICT.
CICT is under the Office of the President, and only had a P113.4-million budget last year.
The P329-billion National Broadband Network, where CICT served as primary consultant, would have been a good project to improve the country’s ICT capabilities by centralizing all government agencies’ websites, but the controversial deal with China’s ZTE Corp. was cancelled last year by President Gloria Macapagal-Arroyo over allegations of corruption.
Just recently the website of the Technical Education and Skills Development Authority (Tesda) was defaced by a picture of a man with a dirty finger and a message calling for justice for Kemberly Jul Luna, who was killed in a clash with government troops last December 15. The website redirects after 20 seconds to the website of Smartmatic, the foreign company in the consortium that won the bidding for 82,000 automated counting machines to be used in the May elections.
The incident followed a series of hackings last December that bogged down the websites of the Department of Public Works and Highways, Department of Labor and Employment, Department of Health, and the National Disaster Coordinating Council, in what the government claimed was an effort to sow fear and uncertainty on the coming polls. The Commission on Elections has repeatedly said that the system to be used in the elections is “hack-proof.”
“The Bureau of the Internal Revenue remains the only government agency whose website has not been hacked,” Santelices said.
She said government websites are housed in one main server, thus hacking one website threatens the security of others.
“Interdependency of government websites threaten their security; that is the reason why their cyber security measures should be enhanced,” she explained.
Hackers perform distributed-denial-of-service attacks to websites, making them unavailable to users.
The CICT tracks down hackers by tracing their internet service providers (ISP), but Santelices admitted that the agency is powerless in the absence of an enabling law to penalize cyber crimes.
House Bill No. 6794 or the Cyber Crime bill had been effectively put in the legislative archives with the congressional break early this month as the campaign season began.
“The government’s lack of interest in cyber security has led to cyber criminals not being apprehended,” she said.
For Beatriz Lacsamana, assistant director for network and hardware operations of the Santo Tomas e-Service Providers, a big factor in securing websites is the trustworthiness of those who use it.
“The biggest risk is the people who have direct access to the system who are entrusted with administrator and root passwords,” she said. “Establishing a trust relationship anchoring on honor and commitment in dealing with the security is vital.”
To protect the University from similar incidences, firewalls, which are technological barriers designed to prevent unauthorized or unwanted communications on a computer network, have been installed to guard the University’s database and to protect computer software. University administrators also require everyone with access to the University computer system to have strong passwords to avoid cyber-related crimes. A.R.H. Royandoyan
